Table of Contents
Advertisement
[SwitchB-ikev2-profile-profile1] match remote identity address 1.1.1.1 255.255.255.0
[SwitchB-ikev2-profile-profile1] quit
# Create an IKE-based IPsec policy entry with name use1 and sequence number 10.
[SwitchB] ipsec policy use1 10 isakmp
# Specify remote IP address 1.1.1.1 for the IPsec tunnel.
[SwitchB-ipsec-policy-isakmp-use1-10] remote-address 1.1.1.1
# Specify ACL 3101 to identify the traffic to be protected.
[SwitchB-ipsec-policy-isakmp-use1-10] security acl 3101
# Specify IPsec transform set tran1 for the IPsec policy.
[SwitchB-ipsec-policy-isakmp-use1-10] transform-set tran1
# Specify IKEv2 profile profile1 for the IPsec policy.
[SwitchB-ipsec-policy-isakmp-use1-10] ikev2-profile profile1
[SwitchB-ipsec-policy-isakmp-use1-10] quit
# Apply IPsec policy use1 to VLAN-interface 1.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ipsec apply policy use1
[SwitchB-Vlan-interface1] quit
Verifying the configuration
# Initiate a connection between Switch A and Switch B to trigger IKEv2 negotiation. After IPsec SAs
are successfully negotiated by IKEv2, traffic between the two switches is IPsec protected.
IKEv2 with RSA signature authentication configuration
example
Network requirements
As shown in
secure the communication between the switches.
Configure Switch A and Switch B to use IKEv2 negotiation and RSA signature authentication.
Figure 94 Network diagram
Configuration procedure
1.
Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-vlan-interface1] quit
Figure
94, configure an IKE-based IPsec tunnel between Switch A and Switch B to
318
Advertisement
Table of Contents
Troubleshooting
